As the development of the communication technology, user can experience multifarious network service. One illustrative example thereof is the location-based service. Location-based service is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device. Mobile operators can provide this kind of service by locating end user's mobile device in their mobile network. Location-based service could provide much convenience, for instance, for the following scenario: a friend (User A) is willing to have lunch with you (User B) if you happen to be nearby. To find out your exact location, the friend needs to access your location information provided by your mobile operator. Apart from that, the friend might also be interested in finding out the restaurants nearby. In this case, the information resources to which your friend would like to access include your location information and the location information of the restaurant. Your location information and the location information of the restaurant are exposed to the friend.
It is true that exposing locating and/or tracking capabilities to SP (Service Provider) can encourage lots of fancy location-based applications, such as finding the nearest hospital, getting the position of a friend, tracking a vehicle and even playing location-based games. However, since location information is sensitive and private, any disallowed access should be avoided. Mobile operators must assure the privacy protection and play important role when the location interface is exposed to service providers.
Unfortunately, current methods make it relatively easy to identify a particular user with specific data about the user, thus raising privacy concerns. Current standards and solutions such as Parlay-X and MLP, cannot provide strong support in privacy protection. Typically, a SP could launch a forgery attack even when a user has privacy settings in operator side. For example, SP can modify the “requestor” field of the request to bypass privacy settings. Following example shows this kind of attack:
Considering following privacy setting of userA:
UserB locate userA—Forbidden
UserC locate userA—Allow
In current existing standards and/or solutions, SP could help userB to launch a forgery attack when userB tries to locate userA, by modifying the “requestor” field to “userC” to successfully locate userA.
There are solutions like using user alias or encrypted address to avoid SP getting user's real identity (like MSISDN), but they all have restrictions or impact on the SP applications while some SP applications may need the real user identity to complete the service after all.
Accordingly, it would be desirable to provide a method of and a system for implementing privacy control in a communication network to overcome the above disadvantages.